download

ITIL V3 (Information Technology Infrastructure Library) Roles and Responsibilities Templates

ITIL V3 roles within Service Strategy
- IT Steering Group (ISG)
- Financial Manager
- Service Portfolio Manager

ITIL V3 roles within Service Design
- Service Catalogue Manager
- Service Level Manager
- Service Owner
- Service Design Manager
- Applications Analyst/ Architect
- Technical Analyst/ Architect
- Risk Manager
- Capacity Manager
- Availability Manager
- IT Service Continuity Manager
- IT Security Manager
- Compliance Manager
- IT Architect

Wireless and Mobile Network Security Personal Risk and Control Templates

1. Read access to private data
this risk includes unauthorized reading of the consumed, produced or transmitted content. An example is wire tapping or snooping, i.e. a passive reading of data during their transmission over a telecommunications network. Motivated by privacy protection, this category also includes read access to administrative data related to the access profile (such as personal identity, location, use statistics and billing).

2. Modification of private data
an unnoticed change in the private data cited in the preceding section is a risk, because it can lead to taking control of the private data, to changes in usage statistics, accounting, etc. Note that depending on the used technology, modification does not necessarily imply read access. An example is the blind change of encrypted frames on a wireless link that uses the WEP encryption scheme according to the IEEE 802.11 standard.

3. Rogue services

IT Security Plan Template

Download Free IT Security Plan Template

A. APPLICATION/SYSTEM IDENTIFICATION

A.1 Application/System Category
- Indicate whether the application/system is a Major Application or a General Support System.
- A Major Application is "an application that requires special attention to security due to the risk and magnitude of the harm resulting from the loss, misuse, or unauthorized access to or modification of the information in the application."
- A General Support System is an "interconnected set of information resources under the same direct management control which shares common functionality. A system normally includes hardware, software, information, data, applications, communications, and people."

Download Free Business Impact Analysis Questionnaire Template

Business Impact Analysis
A Business Impact Analysis (BIA) is the foundation for all business continuity planning programs. It identifies the financial and operational impacts that may result from a disruption of business operations. Disruptions can take many forms,

Download Free Sarbanes Oxley (SOX) 404 IT General Control Test Plan

- Obtain a copy of the organization’s SDLC methodology.

- Review the methodology to determine that it addresses security, availability and processing integrity requirements.

- Review the organization’s SDLC methodology to determine if it considers both the development and acquisition of new systems and major changes to existing systems.

- Review the methodology to determine if it addresses application controls.